CVE-2023-23007

HIGH

Ecisp Espcms - SQL Injection

Title source: rule

Description

An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added.

Exploits (1)

gitee 11 stars

by earclink · phpwriteup

https://gitee.com/earclink/espcms/issues/I680WG

View on gitee

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://gitee.com/earclink/espcms/issues/I680WG

Scores

CVSS v3 7.2

EPSS 0.0024

EPSS Percentile 47.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

ecisp/espcms p8.21120101

Published Feb 17, 2023

Tracked Since Feb 18, 2026